in aws_sra_examples/solutions/ec2/ec2_default_ebs_encryption/lambda/src/app.py [0:0]
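# Characters permitted in an AWS region name (e.g. us-east-1, us-gov-west-1, ap-northeast-3).
_REGION_NAME_CHARS = frozenset("abcdefghijklmnopqrstuvwxyz0123456789-")

# Regions probed when the caller supplies neither a region list nor the Control Tower flag.
_DEFAULT_AVAILABLE_REGIONS = (
    "ap-northeast-1",
    "ap-northeast-2",
    "ap-northeast-3",
    "ap-south-1",
    "ap-southeast-1",
    "ap-southeast-2",
    "ca-central-1",
    "eu-central-1",
    "eu-north-1",
    "eu-west-1",
    "eu-west-2",
    "eu-west-3",
    "sa-east-1",
    "us-east-1",
    "us-east-2",
    "us-west-1",
    "us-west-2",
)


def _is_well_formed_region(region: str) -> bool:
    """Return True when *region* is shaped like an AWS region name.

    Only lowercase letters, digits and hyphens are accepted and at least one hyphen is
    required. The value is interpolated into an STS endpoint URL by get_enabled_regions,
    so rejecting anything else (dots, slashes, '@', whitespace, ...) guarantees the signed
    request can only ever be sent to an ``sts.<region>.amazonaws.com`` host.

    Args:
        region: candidate region name, already stripped of surrounding whitespace

    Returns:
        True for a plausible region name, False otherwise
    """
    return bool(region) and "-" in region and set(region) <= _REGION_NAME_CHARS


def _parse_customer_regions(customer_regions: str) -> list:
    """Split a comma-delimited region string into stripped, non-empty tokens.

    Filtering on the stripped token (rather than the raw one) means a trailing comma or a
    blank entry such as ``"us-east-1, ,us-west-2"`` no longer yields an empty region name
    that would then be probed against STS.

    Args:
        customer_regions: customer provided comma delimited string of regions

    Returns:
        List of region names in the order given
    """
    return [token.strip() for token in customer_regions.split(",") if token.strip()]


def get_enabled_regions(customer_regions: str, control_tower_regions_only: bool = False) -> list:  # noqa: CCR001
    """Query STS to identify enabled regions.

    The candidate list comes from, in priority order: the customer supplied string, the
    Control Tower governed regions, or a built-in default list. Each candidate is probed
    with ``sts:GetCallerIdentity`` against its regional endpoint; regions that answer are
    returned, opted-out regions (``InvalidClientTokenId``) and unreachable or malformed
    names are logged and dropped.

    Args:
        customer_regions: customer provided comma delimited string of regions
        control_tower_regions_only: Use the Control Tower governed regions. Defaults to False.

    Returns:
        Enabled regions
    """
    if customer_regions.strip():
        LOGGER.debug(f"CUSTOMER PROVIDED REGIONS: {customer_regions}")
        region_list = _parse_customer_regions(customer_regions)
    elif control_tower_regions_only:
        region_list = get_control_tower_regions()
    else:
        default_available_regions = list(_DEFAULT_AVAILABLE_REGIONS)
        LOGGER.info({"Default_Available_Regions": default_available_regions})
        region_list = default_available_regions

    enabled_regions: list = []
    disabled_regions: list = []
    invalid_regions: list = []
    region_session = boto3.Session()
    for region in region_list:
        # Reject malformed names before they reach the endpoint URL: only the customer
        # supplied branch can produce them, and a bad value must never drive a signed call.
        if not _is_well_formed_region(region):
            invalid_regions.append(region)
            LOGGER.error(f"Region: '{region}' is not valid")
            continue
        try:
            sts_client = region_session.client("sts", endpoint_url=f"https://sts.{region}.amazonaws.com", region_name=region)
            sts_client.get_caller_identity()
            enabled_regions.append(region)
        except ClientError as error:
            # InvalidClientTokenId from a regional STS endpoint is how an opted-out region answers.
            if error.response["Error"]["Code"] == "InvalidClientTokenId":
                disabled_regions.append(region)
            LOGGER.error(f"Error {error.response['Error']} occurred testing region {region}")
        except Exception as error:  # noqa: BLE001 - best-effort probe; one bad region must not abort the scan
            # botocore raises a non-ClientError when the regional hostname cannot be resolved or reached.
            if "Could not connect to the endpoint URL" in str(error):
                invalid_regions.append(region)
                LOGGER.error(f"Region: '{region}' is not valid")
            LOGGER.error(f"{error}")

    LOGGER.info({"Disabled_Regions": disabled_regions})
    LOGGER.info({"Invalid_Regions": invalid_regions})
    return enabled_regions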